Global ETD Search

41	Optimised cloud-based 6LoWPAN network using SDN/NFV concepts for energy-aware IoT applications Al-Kaseem, Bilal R. January 2017 (has links) The Internet of Things (IoT) concept has been realised with the advent of Machineto-Machine (M2M) communication through which the vision of future Internet has been revolutionised. IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) provides feasible IPv6 connectivity to previously isolated environments, e.g. wireless M2M sensors and actuator networks. This thesis's contributions include a novel mathematical model, energy-efficient algorithms, and a centralised software controller for dynamic consolidation of programmability features in cloud-based M2M networks. A new generalised joint mathematical model has been proposed for performance analysis of the 6LoWPAN MAC and PHY layers. The proposed model differs from existing analytical models as it precisely adopts the 6LoWPAN specifications introduced by the Internet Engineering Task Force (IETF) working group. The proposed approach is based on Markov chain modelling and validated through Monte-Carlo simulation. In addition, an intelligent mechanism has been proposed for optimal 6LoWPAN MAC layer parameters set selection. The proposed mechanism depends on Artificial Neural Network (ANN), Genetic Algorithm (GA), and Particles Swarm Optimisation (PSO). Simulation results show that utilising the optimal MAC parameters improve the 6LoWPAN network throughput by 52-63% and reduce end-to-end delay by 54-65%. This thesis focuses on energy-efficient data extraction and dissemination in a wireless M2M sensor network based on 6LoWPAN. A new scalable and self-organised clustering technique with a smart sleep scheduler has been proposed for prolonging M2M network's lifetime and enhancing network connectivity. These solutions succeed in overcoming performance degradation and unbalanced energy consumption problems in homogeneous and heterogeneous sensor networks. Simulation results show that by adopting the proposed schemes in multiple mobile sink sensory field will improve the total aggregated packets by 38-167% and extend network lifetime by 30-78%. Proof-of-concept real-time hardware testbed experiments are used to verify the effectiveness of Software-Defined Networking (SDN), Network Function Virtualisation (NFV) and cloud computing on a 6LoWPAN network. The implemented testbed is based on open standards development boards (i.e. Arduino), with one sink, which is the M2M 6LoWPAN gateway, where the network coordinator and the customised SDN controller operated. Experimental results indicate that the proposed approach reduces network discovery time by 60% and extends the node lifetime by 65% in comparison with the traditional 6LoWPAN network. Finally, the thesis is concluded with an overall picture of the research conducted and some suggestions for future work.
42	Resource Management for Efficient, Scalable and Resilient Network Function Chains Kulkarni, Sameer G. 04 July 2018 (has links) No description available. 510 Network Function Virtualization (NFV) Software Defined Networking (SDN) Service Function Chains (SFC) Middleboxes Network Resiliency Fault-Tolerance Network Softwarization Cloud computing Informatik (PPN619939052)
43	AN EVALUATION OF SDN AND NFV SUPPORT FOR PARALLEL, ALTERNATIVE PROTOCOL STACK OPERATIONS IN FUTURE INTERNETS Suresh, Bhushan 09 July 2018 (has links) Virtualization on top of high-performance servers has enabled the virtualization of network functions like caching, deep packet inspection, etc. Such Network Function Virtualization (NFV) is used to dynamically adapt to changes in network traffic and application popularity. We demonstrate how the combination of Software Defined Networking (SDN) and NFV can support the parallel operation of different Internet architectures on top of the same physical hardware. We introduce our architecture for this approach in an actual test setup, using CloudLab resources. We start of our evaluation in a small setup where we evaluate the feasibility of the SDN and NFV architecture and incrementally increase the complexity of the setup to run a live video streaming application. We use two vastly different protocol stacks, namely TCP/IP and NDN to demonstrate the capability of our approach. The evaluation of our approach shows that it introduces a new level of flexibility when it comes to operation of different Internet architectures on top of the same physical network and with this flexibility provides the ability to switch between the two protocol stacks depending on the application. Software Defined Networks (SDN) Network Function virtualization (NFV) Named Data Networks (NDN) Future Internet Architecture (FIA) Live Video Streaming Adaptive Bitrate Streaming (ABR) Electrical and Computer Engineering
44	Virtualizace vstupních a výstupních operací v počítačových sítích / Virtualization of I/O Operations in Computer Networks Remeš, Jan January 2017 (has links) This work deals with virtualization of computer systems and network cards in high-speed computer networks, and describes implementation of the SR-IOV virtualization technology support in the COMBO network card platform. Various approaches towards network card virtualization are compared, and the benefits of the SR-IOV technology for high performance applications are described. The work gives overview of the COMBO platform and describes design and implementation of the SR-IOV technology support for the COMBO platform. The work concludes with measurement and analysis of the implemented technology performance in virtual machines. The result of this work is the COMBO cards' support for the SR-IOV technology, which makes it possible to use them in virtual machines with wire-speed performance preserved. This allows future COMBO cards to be used as accelerators in the networks utilizing the Network Function Virtualization.
45	Design and optimization of next-generation carrier-grade wi-fi networks / Conception et optimisation des réseaux wi-fi opérateur de nouvelle génération Ben Jemaa, Fatma 27 September 2016 (has links) Comme le Wi-Fi est devenu de plus en plus important dans les réseaux actuels, ainsi que dans les réseaux du futur, de nouvelles exigences " opérateur " se sont apparues afin de supporter les attentes des utilisateurs et de fournir des réseaux Wi-Fi de haute performance. Dans ce contexte, nous étudions plusieurs problèmes liés à la conception et l'optimisation des réseaux Wi-Fi opérateur de nouvelle génération. Dans la première étape, notre objectif est d'améliorer l'expérience utilisateur Wi-Fi et de lui offrir un accès personnalisé et transparent aux réseaux et services Wi-Fi. Pour cela, nous proposons une extension des trames de gestion IEEE 802.11 pour activer la découverte des services locaux avant l'association Wi-Fi, tout en évitant la surcharge du canal. Nous définissons également un ensemble d'étiquettes de service pour identifier d'une manière standardisée les services les plus connus. Dans la deuxième étape, nous adressons les problèmes liés à l'architecture et la gestion du réseau dans un environnement Wi-Fi opérateur de nouvelle génération. Plus précisément, nous proposons, tout d'abord, une nouvelle architecture Wi-Fi qui exploite les concepts de NFV et du Edge Cloud Computing. Nous visons à travers cette architecture à apporter plus d'agilité et d'adaptabilité et d'améliorer la QoS perçue par l'utilisateur en plaçant des fonctions réseau et certains services à proximité de lui. Pour faire face à certains problèmes de gestion dans cette architecture, nous proposons ensuite des stratégies de placement et de provisionnement des fonctions de réseau virtuelles en s'appuyant sur des exigences de QoS. / As Wi-Fi is gaining a lot of momentum in today’s networks as well as in future networks, new carrier-grade requirements are emerging to support future user expectations and provide high-performance Wi-Fi networks. In this context, we investigate several problems surrounding the design and optimization of carrier-grade next-generation Wi-Fi networks. In the first stage, our objective is to improve the Wi-Fi user experience and offer to him a personalized and seamless access to Wi-Fi networks and services. For this, we propose an extension to the IEEE 802.11 management frames to enable venue service discovery prior to Wi-Fi association while avoiding channel overhead. We define also a set of extensible service labels to uniquely and globally identify the most known venue-based services. In the second stage, we deal with network architecture and management issues in next-generation carrier Wi-Fi environment. More specifically, we first propose a novel carrier-managed Wi-Fi architecture that leverages NFV and Edge Cloud Computing concepts. We aim through this architecture to bring more agility and adaptability and improve user perceived QoS by placing network functions and certain services close to end-users. To address some major management issues in this proposed architecture, we then propose placement and provisioning strategies of Virtual Network Functions based on QoS requirements. These strategies can also be applied to any edge-central wireless carrier architecture, since they do not make any assumption about the underlying wireless technology. Réseau Wi-Fi opérateur Réseaux de nouvelle-Génération Experience utilisateur Nfv Placement des VNFs QoS Networks carrier-grade New generation carrier Wi-Fi User experience 004
46	Agile Network Security for Software Defined Edge Clouds Osman, Amr 07 March 2023 (has links) Today's Internet is seeing a massive shift from traditional client-server applications towards real-time, context-sensitive, and highly immersive applications. The fusion between Cyber-physical systems, The Internet of Things (IoT), Augmented/Virtual-Reality (AR/VR), and the Tactile Internet with the Human-in-the-Loop (TaHIL) means that Ultra-Reliable Low Latency Communication (URLLC) is a key functional requirement. Mobile Edge Computing (MEC) has emerged as a network architectural paradigm to address such ever-increasing resource demands. MEC leverages networking and computational resource pools that are closer to the end-users at the far edge of the network, eliminating the need to send and process large volumes of data over multiple distant hops at central cloud computing data centers. Multiple 'cloudlets' are formed at the edge, and the access to resources is shared and federated across them over multiple network domains that are distributed over various geographical locations. However, this federated access comes at the cost of a fuzzy and dynamically-changing network security perimeter because there are multiple sources of mobility. Not only are the end users mobile, but the applications themselves virtually migrate over multiple network domains and cloudlets to serve the end users, bypassing statically placed network security middleboxes and firewalls. This work aims to address this problem by proposing adaptive network security measures that can be dynamically changed at runtime, and are decoupled from the ever-changing network topology. In particular, we: 1) use the state of the art in programmable networking to protect MEC networks from internal adversaries that can adapt and laterally move, 2) Automatically infer application security contexts, and device vulnerabilities, then evolve the network access control policies to segment the network in such a way that minimizes the attack surface with minimal impact on its utility, 3) propose new metrics to assess the susceptibility of edge nodes to a new class of stealthy attacks that bypasses traditional statically placed Intrusion Detection Systems (IDS), and a probabilistic approach to pro-actively protect them.:Acknowledgments Acronyms & Abbreviations 1 Introduction 1.1 Prelude 1.2 Motivation and Challenges 1.3 Aim and objectives 1.4 Contributions 1.5 Thesis structure 2 Background 2.1 A primer on computer networks 2.2 Network security 2.3 Network softwarization 2.4 Cloudification of networks 2.5 Securing cloud networks 2.6 Towards Securing Edge Cloud Networks 2.7 Summary I Adaptive security in consumer edge cloud networks 3 Automatic microsegmentation of smarthome IoT networks 3.1 Introduction 3.2 Related work 3.3 Smart home microsegmentation 3.4 Software-Defined Secure Isolation 3.5 Evaluation 3.6 Summary 4 Smart home microsegmentation with user privacy in mind 4.1 Introduction 4.2 Related Work 4.3 Goals and Assumptions 4.4 Quantifying the security and privacy of SHIoT devices 4.5 Automatic microsegmentation 4.6 Manual microsegmentation 4.7 Experimental setup 4.8 Evaluation 4.9 Summary II Adaptive security in enterprise edge cloud networks 5 Adaptive real-time network deception and isolation 5.1 Introduction 5.2 Related work 5.3 Sandnet’s concept 5.4 Live Cloning and Network Deception 5.5 Evaluation 5.6 Summary 6 Localization of internal stealthy DDoS attacks on Microservices 6.1 Introduction 6.2 Related work 6.3 Assumptions & Threat model 6.4 Mitigating SILVDDoS 6.5 Evaluation 6.6 Summary III Summary of Results 7 Conclusion 7.1 Main outcomes 7.2 Future outlook Listings Bibliography List of Algorithms List of Figures List of Tables Appendix info:eu-repo/classification/ddc/006 ddc:006
47	Privacy and Security Enhancements for Tor Arushi Arora (18414417) 21 April 2024 (has links) <p dir="ltr">Privacy serves as a crucial safeguard for personal autonomy and information, enabling control over personal data and space, fostering trust and security in society, and standing as a cornerstone of democracy by protecting against unwarranted interference. This work aims to enhance Tor, a volunteer-operated network providing privacy to over two million users, by improving its programmability, security, and user-friendliness to support wider adoption and underscore the importance of privacy in protecting individual rights in the digital age.</p><p dir="ltr">Addressing Tor's limitations in adapting to new services and threats, this thesis introduces programmable middleboxes, enabling users to execute complex functions on Tor routers to enhance anonymity, security, and performance. This architecture, called Bento, is designed to secure middleboxes from harmful functions and vice versa, making Tor more flexible and efficient.</p><p dir="ltr">Many of the attacks on Tor's anonymity occur when an adversary can intercept a user’s traffic; it is thus useful to limit how much of a user's traffic can enter potentially adversarial networks. We tackle the vulnerabilities of onion services to surveillance and censorship by proposing DeTor<sub>OS</sub>, a Bento function enabling geographic avoidance for onion services- which is challenging since no one entity knows the full circuit between user and onion service, providing a method to circumvent adversarial regions and enhance user privacy.</p><p dir="ltr">The final part focuses on improving onion services' usability and security. Despite their importance, these services face high latency, Denial of Service (DoS) and deanonymization attacks due to their content. We introduce CenTor, a Content Delivery Network (CDN) for onion services using Bento, offering replication, load balancing, and content proximity benefits. Additionally, we enhance performance with multipath routing strategies through uTor, balancing performance and anonymity. We quantitatively analyze how geographical-awareness for an onion service CDN and its clients could impact a user’s anonymity- performance versus security tradeoff. Further, we evaluate CenTor on the live Tor network as well as large-scale Shadow simulations.</p><p dir="ltr">These contributions, requiring no changes to the Tor protocol, represent significant advancements in Tor's capabilities, performance, and defenses, demonstrating potential for immediate benefits to the Tor community.</p> System and network security Networking and communications Privacy and data rights tor anonymity networks privacy usability and security programmable networks onion services CDN censorship anonymity NFV
48	Scalable cost-efficient placement and chaining of virtual network functions / Posicionamento e encadeamento escalável e baixo custo de funções virtualizados de rede Luizelli, Marcelo Caggiani January 2017 (has links) A Virtualização de Funções de Rede (NFV – Network Function Virtualization) é um novo conceito arquitetural que está remodelando a operação de funções de rede (e.g., firewall, gateways e proxies). O conceito principal de NFV consiste em desacoplar a lógica de funções de rede dos dispositivos de hardware especializados e, desta forma, permite a execução de imagens de software sobre hardware de prateleira (COTS – Commercial Off-The-Shelf). NFV tem o potencial para tornar a operação das funções de rede mais flexíveis e econômicas, primordiais em ambientes onde o número de funções implantadas pode chegar facilmente à ordem de centenas. Apesar da intensa atividade de pesquisa na área, o problema de posicionar e encadear funções de rede virtuais (VNF – Virtual Network Functions) de maneira escalável e com baixo custo ainda apresenta uma série de limitações. Mais especificamente, as estratégias existentes na literatura negligenciam o aspecto de encadeamento de VNFs (i.e., objetivam sobretudo o posicionamento), não escalam para o tamanho das infraestruturas NFV (i.e., milhares de nós com capacidade de computação) e, por último, baseiam a qualidade das soluções obtidas em custos operacionais não representativos. Nesta tese, aborda-se o posicionamento e o encadeamento de funções de rede virtualizadas (VNFPC – Virtual Network Function Placement and Chaining) como um problema de otimização no contexto intra- e inter-datacenter. Primeiro, formaliza-se o problema VNFPC e propõe-se um modelo de Programação Linear Inteira (ILP) para resolvêlo. O objetivo consiste em minimizar a alocação de recursos, ao mesmo tempo que atende aos requisitos e restrições de fluxo de rede. Segundo, aborda-se a escalabilidade do problema VNFPC para resolver grandes instâncias do problema (i.e., milhares de nós NFV). Propõe-se um um algoritmo heurístico baseado em fix-and-optimize que incorpora a meta-heurística Variable Neighborhood Search (VNS) para explorar eficientemente o espaço de solução do problema VNFPC. Terceiro, avalia-se as limitações de desempenho e os custos operacionais de estratégias típicas de aprovisionamento ambientes reais de NFV. Com base nos resultados empíricos coletados, propõe-se um modelo analítico que estima com alta precisão os custos operacionais para requisitos de VNFs arbitrários. Quarto, desenvolve-se um mecanismo para a implantação de encadeamentos de VNFs no contexto intra-datacenter. O algoritmo proposto (OCM – Operational Cost Minimization) baseia-se em uma extensão da redução bem conhecida do problema de emparelhamento ponderado (i.e., weighted perfect matching problem) para o problema de fluxo de custo mínimo (i.e., min-cost flow problem) e considera o desempenho das VNFs (e.g., requisitos de CPU), bem como os custos operacionais estimados. Os resultados alcaçados mostram que o modelo ILP proposto para o problema VNFPC reduz em até 25% nos atrasos fim-a-fim (em comparação com os encadeamentos observados nas infra-estruturas tradicionais) com um excesso de provisionamento de recursos aceitável – limitado a 4%. Além disso, os resultados evidenciam que a heurística proposta (baseada em fix-and-optimize) é capaz de encontrar soluções factíveis de alta qualidade de forma eficiente, mesmo em cenários com milhares de VNFs. Além disso, provê-se um melhor entendimento sobre as métricas de desempenho de rede (e.g., vazão, consumo de CPU e capacidade de processamento de pacotes) para as estratégias típicas de implantação de VNFs adotadas infraestruturas NFV. Por último, o algoritmo proposto no contexto intra-datacenter (i.e. OCM) reduz significativamente os custos operacionais quando comparado aos mecanismos de posicionamento típicos uti / Network Function Virtualization (NFV) is a novel concept that is reshaping the middlebox arena, shifting network functions (e.g. firewall, gateways, proxies) from specialized hardware appliances to software images running on commodity hardware. This concept has potential to make network function provision and operation more flexible and cost-effective, paramount in a world where deployed middleboxes may easily reach the order of hundreds. Despite recent research activity in the field, little has been done towards scalable and cost-efficient placement & chaining of virtual network functions (VNFs) – a key feature for the effective success of NFV. More specifically, existing strategies have neglected the chaining aspect of NFV (focusing on efficient placement only), failed to scale to hundreds of network functions and relied on unrealistic operational costs. In this thesis, we approach VNF placement and chaining as an optimization problem in the context of Inter- and Intra-datacenter. First, we formalize the Virtual Network Function Placement and Chaining (VNFPC) problem and propose an Integer Linear Programming (ILP) model to solve it. The goal is to minimize required resource allocation, while meeting network flow requirements and constraints. Then, we address scalability of VNFPC problem to solve large instances (i.e., thousands of NFV nodes) by proposing a fixand- optimize-based heuristic algorithm for tackling it. Our algorithm incorporates a Variable Neighborhood Search (VNS) meta-heuristic, for efficiently exploring the placement and chaining solution space. Further, we assess the performance limitations of typical NFV-based deployments and the incurred operational costs of commodity servers and propose an analytical model that accurately predict the operational costs for arbitrary service chain requirements. Then, we develop a general service chain intra-datacenter deployment mechanism (named OCM – Operational Cost Minimization) that considers both the actual performance of the service chains (e.g., CPU requirements) as well as the operational incurred cost. Our novel algorithm is based on an extension of the well-known reduction from weighted matching to min-cost flow problem. Finally, we tackle the problem of monitoring service chains in NFV-based environments. For that, we introduce the DNM (Distributed Network Monitoring) problem and propose an optimization model to solve it. DNM allows service chain segments to be independently monitored, which allows specialized network monitoring requirements to be met in a efficient and coordinated way. Results show that the proposed ILP model for the VNFPC problem leads to a reduction of up to 25% in end-to-end delays (in comparison to chainings observed in traditional infrastructures) and an acceptable resource over-provisioning limited to 4%. Also, we provide strong evidences that our fix-and-optimize based heuristic is able to find feasible, high-quality solutions efficiently, even in scenarios scaling to thousands of VNFs. Further, we provide indepth insights on network performance metrics (such as throughput, CPU utilization and packet processing) and its current limitations while considering typical deployment strategies. Our OCM algorithm reduces significantly operational costs when compared to the de-facto standard placement mechanisms used in Cloud systems. Last, our DNM model allows finer grained network monitoring with limited overheads. By coordinating the placement of monitoring sinks and the forwarding of network monitoring traffic, DNM can reduce the number of monitoring sinks and the network resource consumption (54% lower than a traditional method). Redes : Computadores Redes virtuais Gerencia : Redes : Computadores Network Function Virtualization Combinatorial Optimization NFV Orchestration Service Chaining Performance Evaluation Open vSwitch Operational Cost Variable Neighborhood Search Math-heuristic Mathematical Programming
49	Simulating and prototyping software defined networking (sdn) using mininet approach to optimise host communication in realistic programmable networking environment optimise host communication in realistic programmable networking environment. Zulu, Lindinkosi Lethukuthula 19 August 2019 (has links) This is a Masters student Final Dissertation / In this project, two tests were performed. On the first test, Mininet-WiFi was used to simulate a Software Defined Network to demonstrate Mininet-WiFi’ s ability to be used as the Software Defined Network emulator which can also be integrated to the existing network using a Network Virtualized Function (NVF). A typical organization’s computer network was simulated which consisted of a website hosted on the LAMP (Linux, Apache, MySQL, PHP) virtual machine, and an F5 application delivery controller (ADC) which provided load balancing of requests sent to the web applications. A website page request was sent from the virtual stations inside Mininet-WiFi. The request was received by the application delivery controller, which then used round robin technique to send the request to one of the web servers on the LAMP virtual machine. The web server then returned the requested website to the requesting virtual stations using the simulated virtual network. The significance of these results is that it presents Mininet-WiFi as an emulator, which can be integrated into a real programmable networking environment offering a portable, cost effective and easily deployable testing network, which can be run on a single computer. These results are also beneficial to modern network deployments as the live network devices can also communicate with the testing environment for the data center, cloud and mobile provides. On the second test, a Software Defined Network was created in Mininet using python script. An external interface was added to enable communication with the network outside of Mininet. The amazon web services elastic computing cloud was used to host an OpenDaylight controller. This controller is used as a control plane device for the virtual switch within Mininet. In order to test the network, a webserver hosted on the Emulated Virtual Environment – Next Generation (EVENG) software is connected to Mininet. EVE-NG is the Emulated Virtual Environment for networking. It provides tools to be able to model virtual devices and interconnect them with other virtual or physical devices. The OpenDaylight controller was able to create the flows to facilitate communication between the hosts in Mininet and the webserver in the real-life network / The University of South Africa The University of Johannesburg / College of Engineering, Science and Technology Software Defined Networking (SDN) Network Functions Virtualization (NFV) OpenDaylight Controller Mininet Linux Web Server Mininet Wi-Fi Application Delivery Controller (F5) Cloud Computing (Amazon Web Services) Python Script
50	Scalable cost-efficient placement and chaining of virtual network functions / Posicionamento e encadeamento escalável e baixo custo de funções virtualizados de rede Luizelli, Marcelo Caggiani January 2017 (has links) A Virtualização de Funções de Rede (NFV – Network Function Virtualization) é um novo conceito arquitetural que está remodelando a operação de funções de rede (e.g., firewall, gateways e proxies). O conceito principal de NFV consiste em desacoplar a lógica de funções de rede dos dispositivos de hardware especializados e, desta forma, permite a execução de imagens de software sobre hardware de prateleira (COTS – Commercial Off-The-Shelf). NFV tem o potencial para tornar a operação das funções de rede mais flexíveis e econômicas, primordiais em ambientes onde o número de funções implantadas pode chegar facilmente à ordem de centenas. Apesar da intensa atividade de pesquisa na área, o problema de posicionar e encadear funções de rede virtuais (VNF – Virtual Network Functions) de maneira escalável e com baixo custo ainda apresenta uma série de limitações. Mais especificamente, as estratégias existentes na literatura negligenciam o aspecto de encadeamento de VNFs (i.e., objetivam sobretudo o posicionamento), não escalam para o tamanho das infraestruturas NFV (i.e., milhares de nós com capacidade de computação) e, por último, baseiam a qualidade das soluções obtidas em custos operacionais não representativos. Nesta tese, aborda-se o posicionamento e o encadeamento de funções de rede virtualizadas (VNFPC – Virtual Network Function Placement and Chaining) como um problema de otimização no contexto intra- e inter-datacenter. Primeiro, formaliza-se o problema VNFPC e propõe-se um modelo de Programação Linear Inteira (ILP) para resolvêlo. O objetivo consiste em minimizar a alocação de recursos, ao mesmo tempo que atende aos requisitos e restrições de fluxo de rede. Segundo, aborda-se a escalabilidade do problema VNFPC para resolver grandes instâncias do problema (i.e., milhares de nós NFV). Propõe-se um um algoritmo heurístico baseado em fix-and-optimize que incorpora a meta-heurística Variable Neighborhood Search (VNS) para explorar eficientemente o espaço de solução do problema VNFPC. Terceiro, avalia-se as limitações de desempenho e os custos operacionais de estratégias típicas de aprovisionamento ambientes reais de NFV. Com base nos resultados empíricos coletados, propõe-se um modelo analítico que estima com alta precisão os custos operacionais para requisitos de VNFs arbitrários. Quarto, desenvolve-se um mecanismo para a implantação de encadeamentos de VNFs no contexto intra-datacenter. O algoritmo proposto (OCM – Operational Cost Minimization) baseia-se em uma extensão da redução bem conhecida do problema de emparelhamento ponderado (i.e., weighted perfect matching problem) para o problema de fluxo de custo mínimo (i.e., min-cost flow problem) e considera o desempenho das VNFs (e.g., requisitos de CPU), bem como os custos operacionais estimados. Os resultados alcaçados mostram que o modelo ILP proposto para o problema VNFPC reduz em até 25% nos atrasos fim-a-fim (em comparação com os encadeamentos observados nas infra-estruturas tradicionais) com um excesso de provisionamento de recursos aceitável – limitado a 4%. Além disso, os resultados evidenciam que a heurística proposta (baseada em fix-and-optimize) é capaz de encontrar soluções factíveis de alta qualidade de forma eficiente, mesmo em cenários com milhares de VNFs. Além disso, provê-se um melhor entendimento sobre as métricas de desempenho de rede (e.g., vazão, consumo de CPU e capacidade de processamento de pacotes) para as estratégias típicas de implantação de VNFs adotadas infraestruturas NFV. Por último, o algoritmo proposto no contexto intra-datacenter (i.e. OCM) reduz significativamente os custos operacionais quando comparado aos mecanismos de posicionamento típicos uti / Network Function Virtualization (NFV) is a novel concept that is reshaping the middlebox arena, shifting network functions (e.g. firewall, gateways, proxies) from specialized hardware appliances to software images running on commodity hardware. This concept has potential to make network function provision and operation more flexible and cost-effective, paramount in a world where deployed middleboxes may easily reach the order of hundreds. Despite recent research activity in the field, little has been done towards scalable and cost-efficient placement & chaining of virtual network functions (VNFs) – a key feature for the effective success of NFV. More specifically, existing strategies have neglected the chaining aspect of NFV (focusing on efficient placement only), failed to scale to hundreds of network functions and relied on unrealistic operational costs. In this thesis, we approach VNF placement and chaining as an optimization problem in the context of Inter- and Intra-datacenter. First, we formalize the Virtual Network Function Placement and Chaining (VNFPC) problem and propose an Integer Linear Programming (ILP) model to solve it. The goal is to minimize required resource allocation, while meeting network flow requirements and constraints. Then, we address scalability of VNFPC problem to solve large instances (i.e., thousands of NFV nodes) by proposing a fixand- optimize-based heuristic algorithm for tackling it. Our algorithm incorporates a Variable Neighborhood Search (VNS) meta-heuristic, for efficiently exploring the placement and chaining solution space. Further, we assess the performance limitations of typical NFV-based deployments and the incurred operational costs of commodity servers and propose an analytical model that accurately predict the operational costs for arbitrary service chain requirements. Then, we develop a general service chain intra-datacenter deployment mechanism (named OCM – Operational Cost Minimization) that considers both the actual performance of the service chains (e.g., CPU requirements) as well as the operational incurred cost. Our novel algorithm is based on an extension of the well-known reduction from weighted matching to min-cost flow problem. Finally, we tackle the problem of monitoring service chains in NFV-based environments. For that, we introduce the DNM (Distributed Network Monitoring) problem and propose an optimization model to solve it. DNM allows service chain segments to be independently monitored, which allows specialized network monitoring requirements to be met in a efficient and coordinated way. Results show that the proposed ILP model for the VNFPC problem leads to a reduction of up to 25% in end-to-end delays (in comparison to chainings observed in traditional infrastructures) and an acceptable resource over-provisioning limited to 4%. Also, we provide strong evidences that our fix-and-optimize based heuristic is able to find feasible, high-quality solutions efficiently, even in scenarios scaling to thousands of VNFs. Further, we provide indepth insights on network performance metrics (such as throughput, CPU utilization and packet processing) and its current limitations while considering typical deployment strategies. Our OCM algorithm reduces significantly operational costs when compared to the de-facto standard placement mechanisms used in Cloud systems. Last, our DNM model allows finer grained network monitoring with limited overheads. By coordinating the placement of monitoring sinks and the forwarding of network monitoring traffic, DNM can reduce the number of monitoring sinks and the network resource consumption (54% lower than a traditional method). Redes : Computadores Redes virtuais Gerencia : Redes : Computadores Network Function Virtualization Combinatorial Optimization NFV Orchestration Service Chaining Performance Evaluation Open vSwitch Operational Cost Variable Neighborhood Search Math-heuristic Mathematical Programming

Search results